[toc:faq]
Introduction
This document explains the concept of redundant interface on firewall. We will discuss the whole concpet and configuration sample for the same.
Requirements
There are no specific requirements for this document.
 Components Used
ASA 5500 series running 7.X and above
Concept
A logical redundant interface is a pair of an active and a standby physical interface. When the active interface fails, the standby interface becomes active.  From firewall perspective this event is completely transparent and can be viewed as a single logical interface. We can use redundant interfaces to increase the security appliance reliability. This feature is separate from device-level failover, but you can configure redundant interfaces as well as failover if desired. We can configure upto 8 redundant interfaces. 
Redundant interface are number from 1 to 8 and have the name redundant X. When adding physical interfaces to the redundant pair, please make sure there is no configuration on it and interface is also in no shutdown state. This is just a precaution, the firewall will remove these settings when adding the physical interface to a new group. The logical redundant interface will take the MAC address of the first interface added to the group. This MAC address is not changed with the member interface failures, but changes when you swap the order of the physical interfaces to the pair.
Once we have configured a redundant interface, we can assign it a name and a security level, followed by an IP address. The procedure is the same as with any interface in the system.
Configuration
 -->
interface GigabitEthernet0/0
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/1
 no nameif
 no security-level
 no ip address
interface Redundant1
 member-interface GigabitEthernet0/0
 member-interface GigabitEthernet0/1
nameif outside
 security-level 0
 ip address 1.1.1.1 255.255.255.0
Verify 
You can use the following command to verify--
 -->
ciscoasa(config)# show interface redundant 1
Interface Redundant1 "outside", is up, line protocol is up
  Hardware is i82546GB rev03, BW 1000 Mbps, DLY 10 usec
        Auto-Duplex(Full-duplex), Auto-Speed(100 Mbps)
        MAC address 5475.d0d4.9594, MTU 1500
        IP address 1.1.1.1, subnet mask 255.255.255.0
        27 packets input, 12330 bytes, 0 no buffer
        Received 27 broadcasts, 0 runts, 0 giants
        0 input errors, 0 CRC, 0 frame, 27 overrun, 0 ignored, 0 abort
        10 L2 decode drops
        1 packets output, 64 bytes, 0 underruns
        0 output errors, 0 collisions, 0 interface resets
        0 late collisions, 0 deferred
        0 input reset drops, 0 output reset drops
        input queue (curr/max packets): hardware (5/25) software (0/0)
        output queue (curr/max packets): hardware (0/1) software (0/0)
  Traffic Statistics for "outside":
        17 packets input, 7478 bytes
        1 packets output, 28 bytes
        17 packets dropped
      1 minute input rate 0 pkts/sec,  92 bytes/sec
      1 minute output rate 0 pkts/sec,  0 bytes/sec
      1 minute drop rate, 0 pkts/sec
      5 minute input rate 0 pkts/sec,  0 bytes/sec
      5 minute output rate 0 pkts/sec,  0 bytes/sec
      5 minute drop rate, 0 pkts/sec
  Redundancy Information:
        Member GigabitEthernet0/0(Active), GigabitEthernet0/1
        Last switchover at 23:13:03 UTC Dec 15 2011
Related Information
http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/int5505.html
-->
interface GigabitEthernet0/0
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/1
 no nameif
 no security-level
 no ip address
interface Redundant1
 member-interface GigabitEthernet0/0
 member-interface GigabitEthernet0/1
nameif outside
 security-level 0
 ip address 1.1.1.1 255.255.255.0